Idea for Bisq light wallet

[HenrikJannsen]

We want to support both a full wallet (Bitcoin Core) and a light wallet to give the user the choice between maximal security and privacy and convenience. Currently we have implemented Electrum as light wallet, but its rather limited for more complex protocols and transactions. It also comes with privacy issues as the Electrum node learns about the requester's wallet addresses.

Using the Neutrino model with client-side block filtering would come with the problem that the bloom filters are still quite large for a light wallet and that we do not get notifications about mempool transactions, so a user would only see that they received funds once confirmed which is not great for UX.

Nobody has managed to solve those problems in a generic way so far, but we have in Bisq some special circumstances which can be used to our favor:

1. We have Tor/I2P by default, thus privacy concerns that the server learns the nodes IP address are irrelevant
2. We have a P2P network where we could distribute data in a privacy protecting way
3. We can run multiple nodes in the P2P as bridge nodes to a blockchain data provider and secure those by BSQ bonds
4. We encourage to not re-use addresses in the UI and can build on expected user behavior for prioritization.

We should also clearly separate the 2 core aspects of a wallet:

• Wallet and key management
• Blockchain data retrieval (here are the problems we need to solve)

So lets break down the different use cases and how we could solve it.

Requesting blockchain data for confirmed transactions can be done with http requests over Tor to a blockchain data provider. To avoid leaking that multiple addresses are from the same wallet/user each request should be done only for one address and repeated requests should be randomly distributed over a group of providers with a random time delay.
Thus the blockchain data provider will not learn about the wallet owner and their addresses.

For getting updates from unconfirmed transactions we send a http post over Tor to a special Bisq node, lets call it mempoolRelay.
Again, we only send 1 address per http post and repeat using a random delay and post each time to another randomly selected node. The node aggregates all addresses received from the Bisq network and request for mempool transations at a blockchain data provider (could be a mempool instance or Electrum server or using a bloom filter with BTC nodes or BTC core itself). Once relevant transactions are found the node broadcast those to the Bisq P2P network. That way all Bisq nodes receive the transaction but only the node which has the relevant address will use the data for updating its wallet state.

Those broadcast messages have a rather short TTL of maybe 30 min to avoid that the local storage gets bloated.
The posts from users to the mempoolRelay also have rather short TTL and users have to repeat the requests if they are online. Addresses of offline users gets pruned once the TTL expires and no new update has been received.
Maybe 1 hour could be a reasonable TTL. Thus the growth of the aggregated set of addressed for the mempoolRelay is kept in bounds.

We can use a priority mettrics based on the likelyhood that an address is expected to receive funds to optimize the process.
E.g. usually an address only received one time funds as we do not support address-reuse in the UI. We only create 1 fresh address per user, so the user is essentially only interested in transaction for 1 address. We can use the data from trade state to adjust that, e.g. if the user has multiple trades open there will be multiple high-priority addresses. All other addresses can be assigned a low priority and http posts happen less frequent.

At startup when the user make for all their wallet addresses a request, we can apply the same model to request more relevant addresses first and addresses with less likleyhood for receiving funds later with a longer delay.

Summary:

We provide an anonymous "dropbox" for addresses the users is interested to get updates about their balances. Each drop contains only 1 address, is sent over Tor and in a randomized manner to make it unfeasible for the receiver node to map addresses to a wallet.

The node which received those addresses filters the mempool for relevant transactions (e.g. a transaction which changes the balance of the address). If a relevant transaction is found the node broadcast that transaction to the Bisq P2P network. The address owner will receive it as a flood-fill message and apply it to their wallet to reflect that state change (e.g. address received funds in an unconfirmed transaction).

The technical solution how the node receives the mempool transactions and if the filtering is done in that node or done at the blockchain provider is up for discussion.

[alvasw]

Thank you for investing your time to find a solution to this problem! I think your concept will work in practice and it is better than everything we have now. I have a few ideas to improve the privacy of our users:

Lookups with Bitcoin Core

Instead of relying on external blockchain providers, we can use a Bitcoin Core node. The Bisq 2 Bitcoin implementation gets notified about unconfirmed transactions over a ZeroMQ connection, and we can reuse it. See [1] for further details.

Add noise to improve privacy

The mempoolRelay can pad the data, to be broadcasted, to a fixed packet size (like Tor cells) with other random unconfirmed addresses. Then, snooping peers in the P2P network cannot tell whether a address belongs to a Bisq user.

No idle mempoolRelays

Idle mempoolRelays, with no pending requests, can broadcast random unconfirmed transactions instead of being silent.

DoS Defense

We can use our existing PoW infrastructure to protect the mempoolRelays and user nodes against DoS attacks.

Lightweight Protobuf serialized packet instead of HTTP

We can open a socket, send a small protobuf serialized request, and close the connection. A HTTP connection isn't reusable anyway, because of privacy concerns.

[1] https://github.com/bitcoin/bitcoin/blob/master/doc/zmq.md